** Description changed: [ Impact ] This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases. The most important changes are: - <TODO> + + - Some contracts now carry a restriction - they are valid only for a + specific series. This new version of the client ensures that behavior, + by blocking attachment on different series, and detaching on non- + compliant scenarios. + + - Now we are auto-selecting package updates when enabling FIPS based on + what is installed in the system and what is available in the repository, + rather than using hardcoded lists of packages, by default on J/N and as + opt-in in X/B/F + + - We are automatically selecting the raspi variant of Realtime Kernel + when enabling the service on Raspberry Pi 4 and 5. See the changelog entry below for a full list of changes and bugs. + [ Test Plan ] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened. - Besides the full integration test runs, manual tests were executed to verify bugs: - <TODO> [ Where problems could occur ] In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug. - Other considerations not covered by the integration test suite are: + Other considerations are: - * Think about what the upload changes in the software. Imagine the - change is wrong or breaks something else: how would this show up? + - Although this version brings a fix from a previous hotfix on Apparmor + profiles, we may be missing other problems and denials which may happen. + We keep an eye on bug reports for anything apparmor related and have + released hotfixes in the past for known cases, always guaranteeing to + cover the new scenario in acceptance tests. - * This must '''never''' be "None" or "Low", or entirely an argument as - to why your upload is low risk. + - The support for beta services was removed in this version, because it + was far from ideal from an implementation standpoint, and we have no + beta services at the moment. If a beta service appears in the future, + the functionality would have to be reimplemented, but we have + communicated that such services should be planned in advance so we can + work on the engineering side. To ensure compatibility with older + releases, anything beta-related is accepted (and then ignored) when + running CLI commands. - * This both shows the SRU team that the risks have been considered, and - provides guidance to testers in regression-testing the SRU. + - Now, instead of hardcoding a list of packages to install when enabling + FIPS, we are installing/upgrading packages based on their presence in + the system, checking for candidates with python3-apt. Of course, if any + mistake was made here, we may be leaving systems with a wrong package + set for FIPS. To avoid that, we have extensive integration testing in + the acceptance suite. Besides that, even doing it right *may* cause the + package list to be different somehow based on the dynamic updates to the + PPAs (this does not happen to FIPS, but may happen to FIPS Updates / + Preview). To avoid this kind of situation, we made the feature enabled + by default only on Jammy+ (where we could test and verify the package + sets match), and made it opt-in for Xenial, Bionic, Focal. + + - We are now auto-selecting variants when no --variant flag is passed by + the user. We in fact always did that, but we auto-selected a hardcoded + default, which was not ideal for every scenario. Now we have platform + checks to determine a variant. We made it explicit to users by adding an + extra prompt when enabling. The raspi variant is the first one to be + auto-selected on systems where it should be default (Raspberry Pi 4 and + 5), but further may come in the future. Auto-selecting the wrong variant + may break the user's system, as this kind of change is hard to revert. + However, we believe our new mechanism will cause *less* errors, and not + more, given the hardcoded generic kernel would be wrong for many systems + anyway. We are in touch with the RT Kernel developers, and have tests on + our suite to guarantee functionality. + [ Other Info ] - * Anything else you think is useful to include + Many changes in this release are refactors, test improvements, among + other code-quality improvement changes. So there are many commits that + don't bring functionality changes. - * Anticipate questions from users, SRU, +1 maintenance, security teams - and the Technical Board and address these questions in advance [ Changelog ] - <TODO> + ubuntu-advantage-tools (33) oracular; urgency=medium + + * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg + data directory (LP: #2067810) (GH: #3137) + * New upstream release 33 (LP: #2069237) + - apt: use Python bindings instead of apt CLI to query for installed + packages (LP: #2060769) (LP: #2068744) + - beta: drop support for beta services + - contracts: add support for contracts which target a specific series + - fips: change enable functionality to ensure all packages with a FIPS + candidate are upgraded to the FIPS version (GH: #2667) + - fix: + + add the current_status field to the plan api return object + + change recommended attach method to magic attach (GH: #3040) + - livepatch: prefer the term 'coverage' instead of 'support' in messaging + (GH: #3063) + - realtime: + + auto-select the raspi variant when appropriate + + inform the user when auto-selecting a variant
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2069237 Title: [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Mantic, Noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2069237/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
